Exploring Terraform

Monica Subish

Terraform: Think of It as a Recipe for Your Infrastructure

Imagine writing a recipe for your entire cloud environment, and Terraform goes and sets it all up — automatically.

At its core, Terraform is like a builder's blueprint for your digital infrastructure. Here's how it works:


1. Write the "Recipe" (Configuration File)

You describe what you want using HCL (HashiCorp Configuration Language):

  • A virtual machine with 4GB of RAM and 2 CPUs

  • A database that can hold 100GB of data

  • A load balancer with two servers underneath

      resource "aws_instance" "example" {
        instance_type = "t3.medium"
        ami           = "ami-0c55b159cbfafe1f0"
      }
    

2. Terraform Understands the Recipe

Terraform reads your configuration and compares it to what already exists.

  • It figures out what needs to be created, updated, or deleted

Think of it like a smart planner checking what ingredients you already have.


3. Terraform Builds It

After you approve the plan, Terraform automatically provisions and configures everything.

  • It talks to cloud providers like AWS, Azure, GCP

  • Or even to on-premises infrastructure via supported providers


🧾 4. Keeps Track of the Build

Terraform uses a state file to:

  • Track all deployed resources and their current settings

  • Know the relationships between components

  • Avoid accidentally creating duplicates or deleting the wrong resource


5. Make Changes Easily

Want to scale up or tweak something?

  • Just update your configuration file

Terraform will safely determine the smallest set of changes to apply.


Advanced Terraform: Deep Dive & Architecture Explained

Terraform is more than just plan and apply. Let's explore its internals, architecture, and how to manage scalable, secure infrastructure like a pro.

Terraform Core Architecture

Terraform is composed of two primary components:

| Component | Role |
| --- | --- |
| Terraform Core | Parses configs, manages state, creates execution plan, and applies changes. |
| Providers | Plugins that interact with APIs (e.g., AWS, Azure, GitHub, etc.). |

Execution Flow (How Terraform Works)

  1. Reads HCL (.tf) files

  2. Builds a dependency graph

  3. Compares state (current vs desired)

  4. Generates execution plan

  5. Applies via provider APIs


Modules: Infra as Reusable Code

  • Like functions in code, modules help reuse infrastructure.

  • Modules can be local, remote (Git), or pulled from the Terraform Registry.

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "4.0.2"
  name    = "my-vpc"
  cidr    = "10.0.0.0/16"
}

🧾 Terraform State & Backends

State tracks what’s deployed in the cloud. Use remote backends to collaborate.

terraform {
  backend "s3" {
    bucket         = "my-terraform-state"
    key            = "dev/vpc/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "terraform-locks"
    encrypt        = true
  }
}

  • Use S3 for state storage, with DynamoDB for locking

  • Enables team collaboration

  • Avoid storing .tfstate locally

Workspaces for Multi-Environment

terraform workspace new dev
terraform workspace select dev

  • Each workspace has its own state

  • Use it for dev/staging/prod separation

Lifecycle Management

resource "aws_instance" "web" {
  # ... other resource arguments go here ...
  lifecycle {
    create_before_destroy = true
    prevent_destroy       = true
    ignore_changes        = [tags]
  }
}

Control how resources behave during changes.

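Dynamic Blocks

# Placed inside a resource such as aws_security_group; var.ports is a list of port numbers.
dynamic "ingress" {
  for_each = var.ports
  content {
    from_port   = ingress.value
    to_port     = ingress.value
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"] # any source address; narrow this for ports that should not be public
  }
}

  • Great for loops and conditionals

  • Makes HCL more programmatic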

CI/CD Integration

Automate Terraform with tools like:

  • GitHub Actions

  • Jenkins

  • GitLab CI

  • Atlantis (GitOps-style)

Typical flow:

  1. Validate on PR

  2. Auto-plan

  3. Require approval

  4. Apply on merge to main
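
One way to back the "require approval" step with an automated check, as an added example that is not part of the original article: a Python gate that reads the JSON form of a saved plan (`terraform show -json`) and lists the changes a human should look at before apply. The allowlisted ports, the function name `review_plan` and the sample plan are assumptions made for illustration.

```python
import json

# Policy values are assumptions for this example, not taken from the article.
PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}
ALLOWED_PUBLIC_PORTS = {80, 443}

# Constructed sample shaped like `terraform show -json tfplan` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_security_group.web", "type": "aws_security_group",
   "change": {"actions": ["update"], "after": {"ingress": [
     {"from_port": 443, "to_port": 443, "protocol": "tcp",
      "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []},
     {"from_port": 22, "to_port": 22, "protocol": "tcp",
      "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}]}}},
  {"address": "aws_db_instance.main", "type": "aws_db_instance",
   "change": {"actions": ["delete", "create"], "after": {}}},
  {"address": "aws_instance.web", "type": "aws_instance",
   "change": {"actions": ["no-op"], "after": {}}}
]}
""")


def review_plan(plan):
    """Return findings that should hold the apply step for human approval."""
    findings = []
    for rc in plan.get("resource_changes", []):
        addr, change = rc["address"], rc.get("change", {})
        # A "delete" action covers both plain destroys and replacements.
        if "delete" in change.get("actions", []):
            findings.append(f"{addr}: destroyed or replaced")
        if rc.get("type") != "aws_security_group":
            continue
        for rule in (change.get("after") or {}).get("ingress") or []:
            cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
            public = sorted(set(cidrs) & PUBLIC_CIDRS)
            lo, hi = rule["from_port"], rule["to_port"]
            # Flag the rule if any port in its range is outside the allowlist.
            if public and any(p not in ALLOWED_PUBLIC_PORTS for p in range(lo, hi + 1)):
                findings.append(f"{addr}: {lo}-{hi}/{rule['protocol']} open to {public[0]}")
    return findings


if __name__ == "__main__":
    for finding in review_plan(SAMPLE_PLAN):
        print("NEEDS APPROVAL:", finding)
```

In a pipeline the same function would be fed the parsed output of `terraform show -json` for the plan file produced in the auto-plan step, and a non-empty result would keep the merge blocked.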

Secrets Management

Avoid exposing credentials:

  • Use environment variables

  • Integrate with AWS Secrets Manager, SSM, or Vault

  • Mark Terraform variables as sensitive:

variable "db_password" {
  type      = string
  sensitive = true
}
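
`sensitive = true` only redacts a value in Terraform's CLI output; the value is still written to the state file in readable form, which is why state belongs in an encrypted, access-controlled backend. The following added example (not from the original article) audits a state file for such attributes; the name heuristic, the function `plaintext_secrets` and the sample state are constructed for illustration.

```python
import json
import re

# Heuristic for secret-bearing attribute names; an assumption of this example.
SECRET_NAME = re.compile(r"(password|secret|secret_string|token|private_key)$", re.I)

# Constructed sample in the version-4 terraform.tfstate layout; values are fake.
SAMPLE_STATE = json.loads("""
{"version": 4, "resources": [
  {"mode": "managed", "type": "aws_db_instance", "name": "main",
   "instances": [{"attributes": {"identifier": "app-db", "username": "app",
                                 "password": "constructed-not-a-real-secret"}}]},
  {"mode": "data", "type": "aws_secretsmanager_secret_version", "name": "db",
   "instances": [{"attributes": {"secret_id": "prod/db",
                                 "secret_string": "constructed-not-a-real-secret"}}]},
  {"mode": "managed", "type": "aws_instance", "name": "web",
   "instances": [{"attributes": {"instance_type": "t3.medium", "tags": {"env": "dev"}}}]}
]}
""")


def leaves(value, path=""):
    """Yield (path, value) for every leaf of a nested attributes object."""
    if isinstance(value, dict):
        for key, child in value.items():
            yield from leaves(child, f"{path}.{key}")
    elif isinstance(value, list):
        for index, child in enumerate(value):
            yield from leaves(child, f"{path}[{index}]")
    else:
        yield path, value


def plaintext_secrets(state):
    """Return addresses of secret-looking attributes stored as readable strings."""
    hits = []
    for res in state.get("resources", []):
        prefix = "data." if res.get("mode") == "data" else ""
        addr = f"{prefix}{res['type']}.{res['name']}"
        for inst in res.get("instances", []):
            for path, value in leaves(inst.get("attributes") or {}):
                name = path.rsplit(".", 1)[-1]
                if isinstance(value, str) and value and SECRET_NAME.search(name):
                    hits.append(addr + path)  # report the location, never the value
    return hits


if __name__ == "__main__":
    print("\n".join(plaintext_secrets(SAMPLE_STATE)))
```

Note that the data-source entry is flagged too: reading a secret from AWS Secrets Manager through Terraform keeps it out of the configuration but still copies it into state.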

Testing and Linting

  • terraform validate — syntax checks

  • terraform plan — dry run

  • tflint, tfsec, checkov — linting & security

  • Terratest (Golang) — infrastructure testing

Summary Table

| Concept | Purpose |
| --- | --- |
| Core | Handles plan/apply/state |
| Provider | Communicates with APIs |
| Modules | Reusable components |
| State | Tracks infra |
| Workspaces | Multi-env support |
| Lifecycle rules | Fine control over resource changes |
| Backends | Remote state management |
| Dynamic blocks | Conditional/nested resources |
| CI/CD Integration | Automated delivery |
| Security & Testing | Ensure correctness, compliance |

Final Thoughts: Why Terraform Is a Game-Changer

Terraform transforms the way we manage infrastructure — from manual click-based deployments to version-controlled, automated, and scalable infrastructure as code.

With a solid understanding of:

  • How Terraform builds and manages resources

  • Using modules, remote backends, and CI/CD pipelines

  • Securing secrets and tracking infrastructure state

  • Automating safe, repeatable deployments

You're now equipped to take full control of your infrastructure — like a DevOps engineer, not just a user.


What's Next?

  • Explore Terragrunt for DRY module management

  • Try integrating Vault or AWS Secrets Manager

  • Write Terratest cases for your modules

  • Build a multi-environment project using workspaces + S3 backends


Got Questions?

Have a Terraform problem you're stuck on? Curious about deploying this at scale?
Drop a comment or connect with me — let's debug and deploy together.
